CVE-2026-33497
Published 2026-03-24
Priority: P3 · 56 · high 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 7.99% (94.0th percentile)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, the download_profile_picture function behind the /profile_pictures/{folder_name}/{file_name} endpoint does not strictly validate the folder_name and file_name parameters, so traversal sequences in either parameter can read files outside the intended directory, including the server's secret_key. Version 1.7.1 contains a patch.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langflow-ai | langflow | < 1.7.1 | 1.7.1 |
| langflow | langflow | < 1.7.1 | 1.7.1 |
| langflow | langflow | >= 0 < 1.7.1 | 1.7.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OSV · 2026-03-20
CVE-2026-33497 [HIGH] langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
## Vulnerability
### Path Traversal in `GET /api/v1/files/profile_pictures/{folder_name}/{file_name}`
The `download_profile_picture` function in `src/backend/base/langflow/api/v1/files.py` built the file path by joining the user-supplied `folder_name` and `file_name` path parameters onto the profile pictures directory without sanitizing them or checking that the result stayed inside that directory. The resulting path was handed straight to the filesystem.
An unauthenticated attacker could therefore supply traversal sequences (e.g. `../secret_key`) in either parameter to step outside the profile pictures directory and read arbitrary files the Langflow process can access.
This exposed the server to:
- **Sensitive file disclosure** — any file reada
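The following Python is an added example and is not Langflow's code or the 1.7.1 patch. It reconstructs the path-joining pattern the advisory describes (`base / folder_name / file_name` with no containment check) beside a hardened version that rejects multi-component segments and confines the fully resolved path to the base directory. It goes slightly beyond the advisory's `../secret_key` case by also covering `..` hidden inside `file_name` and an absolute `file_name`, which `pathlib` joins by discarding the base. The temporary directory layout, the `Space` folder, the `secret_key` contents and all function names are constructed for this demonstration.

```python
from pathlib import Path
import tempfile


class PathTraversalError(ValueError):
    """Raised when a requested profile picture path escapes the base directory."""


def unsafe_profile_picture_path(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Reconstruction of the pre-1.7.1 pattern described in the advisory (illustrative,
    not Langflow's source): user-controlled segments are joined onto the base directory
    with no check that the result stays inside it. Note that pathlib discards the base
    entirely when a later component is an absolute path."""
    return base_dir / folder_name / file_name


def safe_profile_picture_path(base_dir: Path, folder_name: str, file_name: str) -> Path:
    """Hardened variant: each URL segment must be a single plain path component, and the
    resolved candidate (symlinks followed) must lie strictly inside the resolved base."""
    base = base_dir.resolve()
    for segment in (folder_name, file_name):
        if (not segment or segment in (".", "..")
                or "/" in segment or "\\" in segment or "\0" in segment):
            raise PathTraversalError(f"invalid path segment: {segment!r}")
    candidate = (base / folder_name / file_name).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when candidate is outside base
    except ValueError as exc:
        raise PathTraversalError(f"path escapes base directory: {candidate}") from exc
    if candidate == base:
        raise PathTraversalError("path resolves to the base directory itself")
    return candidate


def demo() -> dict:
    """Build a throwaway tree (constructed for this example) with one profile picture and
    a secret file one level above the pictures directory, then issue the same four
    requests against both path builders and record what each one would serve."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pics = root / "profile_pictures"
        (pics / "Space").mkdir(parents=True)
        (pics / "Space" / "avatar.png").write_bytes(b"\x89PNG")
        (root / "secret_key").write_text("constructed-secret-value")

        requests = {
            "legit": ("Space", "avatar.png"),
            "dotdot_folder": ("..", "secret_key"),               # the advisory's case
            "dotdot_in_file": ("Space", "../../secret_key"),      # traversal inside file_name
            "absolute_file": ("Space", str(root / "secret_key")),  # absolute path replaces base
        }
        for label, (folder, name) in requests.items():
            unsafe_path = unsafe_profile_picture_path(pics, folder, name)
            unsafe_read = unsafe_path.read_bytes() if unsafe_path.is_file() else None
            try:
                safe_read = safe_profile_picture_path(pics, folder, name).read_bytes()
            except PathTraversalError:
                safe_read = None
            results[label] = {"unsafe": unsafe_read, "safe": safe_read}
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:15} unsafe={outcome['unsafe']!r:30} safe={outcome['safe']!r}")
```

The per-segment check is what turns the two URL parameters back into plain directory and file names; the `resolve()`/`relative_to()` pair is the containment check that was missing, and it also catches symlinks inside the pictures directory that point elsewhere.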
GHSA · 2026-03-20
CVE-2026-33497 [HIGH] CWE-22 langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
No detection rules found.
No public exploits indexed.
Published: 2026-03-24